Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(29)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: extensions/browser/url_request_util.cc

Issue 2768863003: Fix webview-accessible resource checks in AllowCrossRendererResourceLoadHelper (Closed)
Patch Set: Cleanup Created 3 years, 9 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « chrome/test/data/extensions/platform_apps/web_view/load_webview_accessible_resource/embedder.js ('k') | no next file » | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: extensions/browser/url_request_util.cc
diff --git a/extensions/browser/url_request_util.cc b/extensions/browser/url_request_util.cc
index c7347cdbe956a4fc74d847daccf7175c1b3885d2..20e32c61b77d19208bb7ce156c7bc4a895d2415c 100644
--- a/extensions/browser/url_request_util.cc
+++ b/extensions/browser/url_request_util.cc
@@ -152,17 +152,16 @@ bool AllowCrossRendererResourceLoadHelper(bool is_guest,
const std::string& resource_path,
ui::PageTransition page_transition,
bool* allowed) {
- // |owner_extension == extension| needs to be checked because extension
- // resources should only be accessible to WebViews owned by that extension.
- if (is_guest && owner_extension == extension &&
- WebviewInfo::IsResourceWebviewAccessible(extension, partition_id,
- resource_path)) {
- *allowed = true;
- return true;
- }
+ if (is_guest) {
+ // An extension's resources should only be accessible to WebViews owned by
+ // that extension.
+ if (owner_extension != extension) {
alexmos 2017/03/23 18:23:53 Seems like the old check also allowed web-triggera
lfg 2017/03/23 18:49:40 This is a bug I fixed in the past, but Paul reintr
+ *allowed = false;
+ return true;
+ }
- if (is_guest && !ui::PageTransitionIsWebTriggerable(page_transition)) {
- *allowed = false;
+ *allowed = WebviewInfo::IsResourceWebviewAccessible(extension, partition_id,
+ resource_path);
return true;
}
« no previous file with comments | « chrome/test/data/extensions/platform_apps/web_view/load_webview_accessible_resource/embedder.js ('k') | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698